SPLUNK CLOUD SUB+ENCR GB/DAY


SPLUNK CLOUD SUB+ENCR GB/DAY is rated 3.5 out of 5 by 8.

Rated 4 out of 5 by david hourani
"It allows the centralization of data and brings birth to new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."

Valuable Features: Splunk can be seen as a huge box that allows the storage of all sorts of logs. This allows the centralization of data and brings birth to new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar. Splunk allows schema on the fly and therefore simplifies the whole data onboarding process. All that leads to flexibility when it comes to defining the metadata, since it is not necessary to have all the fields defined and extracted to be able to use Splunk. Another great feature is the field extractor, which allows people with little or no experience with regex to define fields and extract valuable information from the data. Finally, the ability to connect with various sorts of databases and NoSQL solutions makes it a very powerful tool, not only as a SIEM but also as a data lake for machine learning and data analysis.

Improvements to My Organization: Splunk helped reduce development cost since it provides free applications on Splunkbase that can save a huge amount of time and effort. It also gave us the ability to dig into logs to find not just one needle but many needles in the haystack of data, which helped solve multiple production issues and reduced system downtime. A great improvement brought by Splunk is the ability to remove sensitive data before displaying it in reports, allowing Splunk administrators to filter data according to the user's clearance level.

Room for Improvement: Adding custom visualizations in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources.

Stability Issues: Released versions are quite stable. We encountered some visual bugs following major upgrades, but that was due to custom CSS that we had edited into Splunk.

Scalability Issues: Splunk is a data analytics platform and is designed to scale easily; adding or removing machines from a Splunk index can be done without affecting any of the existing members of the infrastructure.

Technical Support: In my opinion Splunk has three levels of support. The first level is their forum (Splunk Answers). The forum is very rich and solves 90% of the issues that can be encountered. Then comes the real technical support team, which replies quite fast; it all depends on the SLA. Finally comes the professional services team; those guys provide a very advanced level of expertise and can solve any issue.

Previous Solutions: Yes, ArcSight. We switched because of how slow the support can be with HP sometimes, and also because Splunk is simpler to use, is more data oriented and is better adapted for business security use cases.

Initial Setup: We started Splunk on a stand-alone server. Installing that was very easy: a basic RPM install for Linux and an installer for Windows. When we moved to a distributed environment it was a bit more complicated, but the documentation on Splunk Docs was clear and easy to use, so we had no problem there.

Cost and Licensing Advice: Splunk's licensing model might seem expensive, but with all the gain in functionality you will have compared to traditional SIEM solutions, I think it's worth the price. Also, when you have small volumes of data to index daily (which might account for a high EPS) you will be gaining the full advantage of using Splunk for a very low price.

Other Solutions Considered: Yes, Graylog and QRadar.

Other Advice: You're in for a good surprise. Splunk is fun, easy to use and will give you the results you are looking for and more. It's a great tool for security and business analysis; you're looking at a big data platform that will allow a lot more than what the good old SIEMs could do.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.

Date published: 2017-07-24

Rated 4 out of 5 by Troy Landers
"My clients have visibility into systems and activities that they never had before."

Valuable Features: Splunk Enterprise Security is most valuable; my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them.

Improvements to My Organization: Some of my clients had rudimentary home-grown security solutions that Splunk ES has completely replaced. In these cases, the improvement was dramatic; they had visibility into systems and activities that they never had before. In the case of clients who already had a SIEM solution, the change was more incremental. However, in my opinion, the Splunk ES solution is superior because it is so flexible. It can consolidate data from almost anything.

Room for Improvement: The GUI can be improved. Splunk has always suffered from having a kind of goofy UI; it needs some updating.

Use of Solution: I have used this solution for more than five years.

Stability Issues: There were no stability issues. It is one of the most stable systems that I have worked with.

Scalability Issues: As of now, no scalability issues were experienced. Splunk is highly scalable, so don't anticipate any. However, scaling can get very expensive with their pricing model.

Technical Support: Technical support is excellent! It is top notch. The customer support folks really know their stuff, and the turnaround is fast.

Previous Solutions: Previously, we were using HPE ArcSight.

Initial Setup: That's a hard one. The initial setup is easy, but making it actually work is complex. However, the complexity is something that just comes with any good SIEM solution. Very few companies have exactly the same data and issues, so a great deal of data onboarding and normalization is always required.

Other Solutions Considered: We evaluated HPE ArcSight.

Other Advice: Plan your implementation carefully. Be sure you have someone to implement it who knows what he is doing. Splunk's inherent flexibility is a great thing, but it also provides an opportunity to really mess things up.

Disclaimer: My company has a business relationship with this vendor other than being a customer: we are an alliance partner.

Date published: 2017-07-03

Rated 4 out of 5 by RaulLapaz
"Security relies on this for event correlation and alerts."

Valuable Features:
* The speed of the search engine
* All the types of data sources that you configure can be forwarded to Splunk.
* The ease of use

Improvements to My Organization: The network department, for example, has improved its efficiency by 30%. Security relies on this for event correlation and alerts.

Room for Improvement: Cluster management can only be done via a command line. I would like them to add some GUI options for that. Permissions are not very flexible, so it would be nice to have more granular options, such as two-factor authentication.

Use of Solution: I have used Splunk for two years.

Stability Issues: It is very stable.

Scalability Issues: It scales out horizontally.

Technical Support: The quality of support depends on the support level and license. On average, I would give them a rating of 6/10.

Previous Solutions: We previously used ArcSight. Splunk is at another level. It is easier, more stable, and faster.

Initial Setup: It is very easy to set up on a standalone server. Of course, if you want a cluster, it is more complicated. In order to manage it, you need skilled people.

Cost and Licensing Advice: It is not cheap :-)

Other Solutions Considered: We were using ArcSight before.

Other Advice: My advice is to go ahead with it.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.

Date published: 2017-06-23

Rated 4 out of 5 by reviewer396600
"Collects data from many sources. Has search, analysis, and visualization capabilities."

Valuable Features:
* Collects data from any source
* Powerful search, analysis, and visualization
* Easy to build a system on any platform
* API and easily integrated search
* Action scripts

Improvements to My Organization: We have over 7000 devices in our network infrastructure for monitoring, maintenance, and performance assessment. We achieve this by collecting data and applying the analysis.

Use of Solution: I have used this solution for one year.

Scalability Issues: We did not encounter any issues with scalability. Everything is normal, with no bugs.

Technical Support: It's easy to obtain support from Splunk for technical issues. We also have enough knowledge ourselves to apply fixes.

Previous Solutions: We used to deploy Elastic Stack. The search language of Splunk is easier and friendlier than Elastic Stack's. It has helped me to search quickly and easily. Based on the results, it's easy to visualize and add results to a previously built, personal dashboard.

Cost and Licensing Advice: Licensing is free. Pricing is based on usage.

Other Solutions Considered: We evaluated Elastic Stack and Sumo Logic.

Other Advice: If you are an enterprise and you need the best service for critical business analysis, Splunk would be one of the best choices.

Disclaimer: I am a real user, and this review is based on my own experience and opinions.

Date published: 2017-06-13

Rated 2 out of 5 by KH Lee
"Valuable features include rapid search, data mining, and information propagation. The GUI should be improved."

Valuable Features: Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to customers losing confidence in the services to which they're subscribing. Hence, proactive approaches will be the main differentiator between one MSSP and the others.

Improvements to My Organization: It has been helping a lot of my clients with fast data mining and information propagation.

Room for Improvement: The GUI should be improved, in other words, the overall appearance.

Use of Solution: I am not the end user. However, my job was more relevant as a consultant.

Stability Issues: Performance upgrades are needed when more processing power is required.

Scalability Issues: We have not had scalability issues.

Technical Support: Technical support is good.

Previous Solutions: The client was using an open source solution. They decided to switch to an enterprise product.

Initial Setup: The setup can be straightforward if use cases are well defined.

Cost and Licensing Advice: Overall, the cost is reasonable and it is easy to upgrade.

Other Solutions Considered: Our client was considering other solutions as well. However, due to their overall assessment, they still considered going with it.

Other Advice: Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.

Disclaimer: My company has a business relationship with this vendor other than being a customer: we are a distributor.

Date published: 2017-05-19

Rated 4 out of 5 by Hristo Damyanov
"It could be easier to set up but it has an innovative way of collecting and presenting data"

Valuable Features: Its performance, scalability and, most importantly, the innovative way of collecting and presenting data. Fast search! Imagine a scenario with an application environment where a couple of modules are based on different servers. There is a system issue and a check needs to be completed in a timely manner. Traditionally, engineers would have to log in to the servers, navigate to different folders and load the log files to check for errors. Splunk can give this at a glance for all of the systems at once! Furthermore, a "trap" of known errors could be saved and a real-time alert set up to send an email in a meaningful way with relevant details (e.g. priority, affected systems) and instructions on what needs to be done next.

Improvements to My Organization: Helpful for systems support, monitoring of operations and deliveries, analysing trends and performance. Great for making sense of the application logs' events for business needs, e.g. requests per day, completed tasks per user, exceptions, KPIs etc.

Room for Improvement: It could be easier to set up and to add new sources, which Splunk is improving with every new version.

Use of Solution: I have used it for two years.

Deployment Issues: No issues encountered.

Stability Issues: It's running great given the information it processes.

Scalability Issues: Really scalable solution. Could be split into soft/hard forwarders if needed and even completed in an HA setup.

Customer Service: Splunk has dedicated staff trying to change the world for the better.

Technical Support: Splunk has introduced its own certification path, which guarantees that the technical support will have the needed expertise.

Previous Solutions: I am aware that there are other solutions out there, but I haven't used them. I started with Splunk.

Initial Setup: The initial setup requires some good analysis: what would be collected, from where, and how to group the incoming data in virtual folders and indexes so it makes sense and eases/scopes the search later on. Apart from that, the initial application setup is straightforward.

Implementation Team: Implemented in house with the support of the vendor, with a high level of expertise.

ROI: I'm not sure about the money, but in saved time and a new kind of visibility for the system/business process this product has been revolutionary in the working environment. The demand for deeper integration and more details hasn't stopped since the initial implementation, and we have moved on from just technical and business reports to KPI reports from other systems, and we keep building new alerts, dashboards and reports as per new requirements.

Cost and Licensing Advice: Not sure about the cost, but I have heard it can get pretty costly at an enterprise-grade scale like the environment I work in. For home use it is free up to 500 MB a day. Day-to-day, the product itself costs just system resources; however, the development work that needs to be completed for new requests and keeping the old ones up to date can raise the budget according to the expertise needed.

Other Advice: Go for it and be brave. Experiment, add, remove, modify. Keep what is not working until it is working how you want, and then delete the rest. Make a library of useful search queries and a diagram of systems and related files included in the indexes. Do not allow everyone access to run DB queries, as with other forms of DB access. Install 3rd-party modules and play with them. Collect system events for the OS and relate them to application performance. Trap the errors you have identified, create alerts and follow a naming convention for the email subject (e.g. priority, type, system, description).

Disclaimer: I am a real user, and this review is based on my own experience and opinions.

Date published: 2017-05-08
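The "trap" of known errors with a structured alert email that the review above describes maps onto a Splunk saved search with an email alert action. The savedsearches.conf stanza below is an added example written for this page, not configuration from the reviewer, from Splunk, or from any documented deployment. The index name, sourcetype, error strings, recipient address and the [priority][type][system] subject convention are all assumptions chosen to illustrate the review's advice.

```ini
# Added example, not from the review or from Splunk: a saved search that
# "traps" known application errors and emails one structured alert per host.
# Assumed names: index=app, sourcetype=app:log, the three error strings, and
# the ops@example.com recipient. Place in an app's local/savedsearches.conf.

[Trap - Known application errors]
# Count hits per host so the alert names the affected system and the files
# that produced the errors instead of dumping raw events.
search = index=app sourcetype=app:log ("OutOfMemoryError" OR "Connection refused" OR "deadlock detected") | stats count AS errors, values(source) AS files BY host | sort - errors

# Run every 5 minutes over the previous 5 minutes. This is a scheduled alert;
# Splunk's real-time search mode is a separate option not used here.
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = now

# Trigger whenever the search returns rows, and fire once per result row
# (digest mode off) so each affected host gets its own email.
counttype = number of events
relation = greater than
quantity = 0
alert.digest_mode = 0
alert.severity = 4
alert.track = 1

# Throttle: do not re-alert for the same host within 30 minutes.
alert.suppress = 1
alert.suppress.period = 30m
alert.suppress.fields = host

# Email following the convention from the review: priority, type, system,
# description. $result.host$ and $result.errors$ come from the triggering row;
# $name$ is the saved search name.
action.email = 1
action.email.to = ops@example.com
action.email.subject = [P2][AppError][$result.host$] Known application error trapped ($result.errors$ hits in 5 min)
action.email.message.alert = Known application errors were trapped on $result.host$. Next steps: open the files listed in the results, check whether the count is rising, and raise an incident if it is. Source search: $name$
action.email.sendresults = 1
action.email.inline = 1
action.email.format = table
```

The point of the per-host layout is operational: the subject line alone tells the on-call engineer the priority, the category and the affected system, which is what the review means by sending the email "in a meaningful way". Keep the search restricted to indexes the alert owner is allowed to read; the alert runs with the owner's role permissions.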